EDRi has responded to the public consultation of the European Commission on Electronic Commerce Directive (2000/31/EC) asking for the revision of the European regime of intermediaries liability, in view of better guaranteeing the respect for fundamental rights and the due process of law application on the Internet.
This consultation, closed on 5 November 2010, aimed at assessing the implementation of the Directive in Member States, and at identifying limitations with the current text.
EDRi focuses its answer on the liability regime of the technical intermediaries set by Articles 12 to 15 of the Directive. This scheme applies to intermediaries providing access to the Internet as well as content distribution and hosting. From the users' perspective, this regime has a major impact on the level of freedom of expression, freedom of information, right to privacy and personal data protection on the Internet, as well as on the due process of law. From the technical intermediaries' perspective, it must ensure the needed legal certainty to run their activities.
EDRi's response stresses that the lack of clarity and precision of this regime does not currently allow adequate protection of human rights and the rule of law, nor does it ensure legal certainty for intermediaries. In support of this assertion, EDRi provides examples of concrete situations having occurred in different countries following the transposition of the Directive into national laws.
In order for the EU to respect its current obligations with regard to its own Charter of Fundamental Rights and its upcoming obligations under the European Convention on Human Rights, EDRi underlines the need to revise the current intermediaries liability regime as follows:
Details on all these issues are provided in the EDRi response.
On 9 and 10 November 2010 the representatives of the EDRi-member Panoptykon Foundation met with the representatives of the European Commission in order to discuss the evaluation of the Data Retention Directive (DRD) and the rationale behind the regime of blanket data retention . The meetings were held with representatives from Reding Cabinet first and secondly with members of the Directorate General for Home Affairs - DG Home. The following is a summary of the main issues that were discussed according to Panoptykon's point of view.
It seems that the Commissioner Reding remains very critical about the current data protection regime. The following might be identified as the main problems with the Directive:
On the next day with DG Home there were discussed three main problems:
Regarding the evaluation process, DG Home admitted that they were still working on the report and 3 March 2011 remains their internal deadline for publishing it. The delay in the process is due to the lack of response from the Member States - only 13 responded, sending rather low quality data (e.g. no statistical information on how the retained data was used and with what effect for law enforcement). Only the UK made an effort to give more insight into how the retained data was used in investigations.
There might be nine key issues in the evaluation report: purpose, period, scope, modalities, authorities, operators, costs, crime and data security. Later on, DG Home will probably move on to make an impact assessment, which is officially treated as a second stage of the whole process. This will include public consultation and the invitation to voice concerns. The third stage will be the drafting of a proposal for DRD revision. The important thing is that there will be a proposal for review and not just re-casting of the DRD.
As far as the implementation and considered revision of DRD is concerned, from the discussion with
DG Home it appears that not a single Member State has implemented the directive as it was intended by the Commission. However, it seems that the evaluation report will not mention particular states.
While discussing the shortening of the retention period, DG Home quoted a survey saying that while the retained data is requested within the first 3-6 months in investigating minor crimes or offences, in the case of most serious crimes (like terrorism) data is requested even 2 years after the crime occurred. So the argument is that if someone wants to fulfill the original goal of the DRD, a long retention period might be a necessity.
It was our understanding that DG Home seems convinced that the amount of data stored byoperators under DRD remains the same as it was under the e-Privacy Directive (Art.15). Also that DRD remains an alternative legal basis for implementing the data retention regime to Art.15 of the e-Privacy Directive . That would mean that DRD was not seen as lege specialis(!).
Finally, on the point of the adaptation of the data retention regime to “technological change”, there were possibilities of increasing the scope of DRD to cover Information Society Service providers like Google or Facebook. This is because the data retention in the current shape might be seen as not efficient and easy to circumvent.
A long discussion related with the proportionality issue. One opinion was that the reasoning applied by the European Court of Justice in the Marper case can be used to legitimise the blanket data retention regime. This might be understand as the Court criticised “indiscriminate and blanket” retention of data only on the grounds of the time factor (i.e. that DNA profiles were supposed to be stored forever) and not to the scope of the data collected (i.e. that UK wanted to collect and store data of everyone who has ever been suspected of committing an offence). Therefore blanket data retention might remain, in some views, legitimate and proportional as long as it is limited in time (e.g. the maximum period of 2 years).
While in Germany the Minister of Justice rejects the current data retention regime, Sweden is preparing to implement it. In the meantime, the European Commission is organizing a public debate on the review of the directive, but has delayed its final report on the revision.
The Swedish Government has proposed a draft law to implement the data retention directive, asking for a six month period of keeping the trafficdata of electronic communications. Justice Minister Beatrice Ask considers that it is “important for us to create adequate protection for personal integrity” and this is why Sweden has opted for the minimum period allowed by the EU directive.
The European Commission (EC) has already started the review of the data retention directive, but decided to postpone the report after it failed to obtain from member countries enough evidence to show why the directive is needed. “The data retention directive is a totally failed initiative,” EDRi's Joe McNamee told Deutsche Welle. Now the EC has invited all relevant stakeholders to a conference in Brussels on 3 December 2010 in order to “finalise the evaluation of the Directive and to start the process of its review”.
In Germany, the head of the Federal Criminal Police considers that its country should re-enact the data retention law. But the German Minister of Justice Sabine Leutheusser-Schnarrenberger has supported the position of the civil society which is against such a measure. Moreover, she has informed the German Working Group on Data Retention (AK Vorrat) that she supports their position that if the EU Commission wants to uphold the data retention policy entirely, the EU must at least leave it to national parliaments and constitutional courts to decide whether they wish to implement this policy or not. “I am permanently in touch with the EU Commission and will take your arguments into account in our upcoming discussions”, Leutheusser-Schnarrenberger assured the Working Group.
The AK Vorrat press info also points to the recent ruling of the European Court of Justice
that considered “limitations in relation to the protection of personal data must apply only in so far as is strictly necessary”. It ruled as “invalid” EU requirements to publish every recipient of agricultural subsidies in the EU, deciding that this indiscriminate policy “exceeded the limits which compliance with the principle of proportionality imposes”. “(I)t is possible to envisage measures which affect less adversely that fundamental right of natural persons and which still contribute effectively to the objectives of the European Union rules in question”, the Court held.
“The EU must now also abandon the disproportionate practise of indiscriminate retention of records on any communication, lest the EU Court of Justice rule the EU data retention directive invalid, too”, comments Patrick Breyer of the Working Group on Data Retention. “The targeted preservation of suspect data is much less invasive and still contributes effectively to the prosecution of crime. The practise of most states world-wide demonstrates that EU rules stipulating the indiscriminate retention of records on any phone call, mobile phone location and Internet connection in the EU is not 'strictly necessary', but violates our right to respect for our private lives as guaranteed in the EU Charter of Fundamental Rights. It is not only the EU Court of Justice but also national constitutional courts and the European Court of Human Rights that have in the past ruled invalid indiscriminate intrusions into the personal lives of innocent citizens.”
Six EU member states have refused to transpose the controversial 2006 EU data retention directive; in two more EU Member States constitutional courts have annulled data retention laws, finding them incompatible with fundamental rights.
The Canadian Government also distanced itself from the controversial EU data retention policy. It announced plans to “create a preservation order that would require a telecommunication service provider to safeguard and not delete its data related to a specific communication or a subscriber when police believe the data will assist in an investigation.” “This is not data retention”, the Department of Justice pointed out. Preservation orders would be “restricted to the data that would assist in a specific investigation.”
The European Commission has published a Communication on “a comprehensive approach to personal data protection in the European Union”, as the final stage in the consultation process leading to a review of the 1995 Data Protection Directive.
Based on its work on this dossier to date, the Commission has identified the need to address several key priorities, the first of these being to adapt to the impact of new technologies. Three further priorities (enhancing the single market, providing stronger institutional arrangements and improving coherence) address a core problem that unites pretty much everybody concerned with the current framework - the lack of consistency and predictability in the implementation of the Directive. This consistency will be tested by the broader applicability of the Directive as a result of the Lisbon Treaty. A further priority will be to strengthen international measures, to ensure protection of personal data on a global level, particularly as a result of developments such as outsourcing.
These priorities are honed down it the Commission's Communication into several specific objectives.
The first objective is the strengthening of individuals' rights. The Commission raises the issue of the definition of personally identifiable data in this context and says that additional measures are needed. The aim is to ensure a coherent application of data protection rules, taking into account the impact of new technologies on individuals' rights and freedoms and the objective of ensuring the free circulation of personal data within the internal market.
The second objective is more difficult still - to increase transparency for data subjects. The Commission proposes three different strands of action on this point. It suggests a general principle of transparent processing, bolstered by specific obligations on what information to provide and how to provide it and with standard EU forms for data controllers. Finally, as it was almost unavoidable after the introduction of a sector-specific breach notification obligation in the e-privacy Directive, the Commission suggests a general breach notification obligation.
The third objective is a clearer power of citizens to have control over their own data, where theoretical rights granted by the existing Directive are currently very difficult to enforce in practice. The aim of the Commission is to improve the procedures for exercising the rights of access, rectification, erasure and blocking of data - including the “right to be forgotten” - and “data portability”
(“as far as technically feasible” - which will obviously need to be carefully worded to avoid businesses devising systems to make this technically unfeasible).
The fourth objective is to increase the level of awareness of data protection rights in Europe, including funding for this via the EU budget and through an obligation on Member States to raise awareness.
Fifth, the Commission sets an objective of ensuring free and informed consent but, unsurprisingly, as this is a particularly difficult issue, it makes few proposals at the moment, beyond suggesting that self-regulatory initiatives designed to develop solutions consistent with EU law may be a way of making progress.
The sixth objective is updating the protection for sensitive data, in particular with regard to the extension of the definition of sensitive data and harmonizing the conditions for processing such data.
Finally, and importantly, the Commission wishes to prioritise the issue of making remedies and sanctions more effective. It suggests that this could be done via group actions and strengthening existing provisions on sanctions.
With regard to the single market, the Commission recognizes the failures of the existing framework and undertakes to “examine the means to achieve further harmonisation of data protection rules at EU level.” The Commission aims to achieve this in part through a simplification of the current notification system. Following from this, it will seek to solve the issue of applicable law, which is causing problems for companies established in several EU Member States. The Commission undertakes to examine how to revise and clarify the existing provisions on applicable law.
The Commission is keen to ensure that simplification of procedures will not lead to a weakening of rights and therefore aims to create specific obligations including data protection impact assessments and the use of privacy enhancing technologies. This approach would be bolstered by self-regulatory initiatives such as codes of conduct.
The Commission ambitiously aims to address the problems of data protection in the field of police and judicial cooperation. While there is a Framework Decision on this subject, it does not cover domestic processing of data and also is too weak with regard to purpose limitation. To overcome these and other problems, the Commission suggests considering the extension of the application of the general data protection rules to the areas of police and judicial cooperation in criminal matters and considers the possibility of specific and harmonised provisions in the new general Data Protection Framework, for example on data protection regarding the processing of genetic data for criminal law purposes or distinguishing the various categories of data subjects (witnesses, suspects etc.) in the area of police cooperation and judicial cooperation in criminal matters. In addition, it is contemplating a specific consultation on the revision of current supervision systems in this area and the alignment of existing sector-specific rules to the general data protection framework.
With regard to the many and varied problems related to international data transfer, the Commission says that it intends to examine how to improve and streamline the current procedures for international data transfers, to clarify the Commission's adequacy procedure and better specify the criteria and requirements for assessing the level of data protection in a third country or an international organisation. It will also look at defining core EU data protection elements, which could be used for all types of international agreements.
During the Avignon Forum for the international meetings of culture, economy and media that took place on 5 November 2010, Neelie Kroes, European Commission Vice-President for the Digital Agenda, expressed her very strong conviction that copyright regulations had to change.
The Commissioner believes the existing copyright rules are not adapted to the development brought by the Internet and that any big technological revolution brings forth the necessity for adaptation. In her opinion, the intermediaries between the artists and the public are those that must understand the change and adapt. The “content industry has failed to capitalise on the changing market.” The present copyright laws have become a burden. “Despite the fact that thanks to the Internet the world has gotten smaller than ever before, making it extremely easy for artists to get their creations to as many people as possible, copyright law and the content industry stand in their way.”
Kroes drew the attention that culture intermediaries might not be spared by the “Internet revolution, which is unveiling the unsustainable position of certain content gatekeepers and intermediaries. No historically entrenched position guarantees the survival of any cultural intermediary. Like it or not, content gatekeepers risk being sidelined if they do not adapt to the needs of both creators and consumers of cultural goods.”
In other words, change or face the consequences! “I believe that those who will prosper in the digital age are those who understand that convergence is one of the keys,” because “convergence means creative freedom and more inspirational content ready to meet the expectations of a public that evolves with art and content.”
The Commissioner believes the development of the Internet will not kill other type of media just as “cinema did not kill theatre, nor did television kill radio.” She used as argument the statistics that show that actually the Internet increases the interest in art and creation. “…people who spend more time on the Internet tend to read more, and to go to cinema and to concerts more often than the population as a whole. Studies show that nowadays, people increasingly watch TV and browse the Internet at the same time - simply to get more information about something that intrigued them.”
Kroes expressed her goal of promoting cultural diversity and content adapted to the digital age and her hope that “Europe is and must remain a global cultural force.” She reminded the fact that copyright was not an end in itself and that although it had been useful for 200 years to artists and the creative industries, it was nowadays outdated. “We must ensure that copyright serves as a building block, not a stumbling block.”
And she gave the example of Europeana project, the online portal of libraries, museums and archives in Europe which is endangered by copyright. “…when it comes to 20th century materials, even to digitise and publish orphan works and out-of-distribution works, we have a large problem indeed. Europeana could be condemned to be a niche player rather than a world leader if it cannot be granted licenses and share the full catalogue of written and audio-visual material held in our cultural institutions.”
The Commissioner criticised the fragmented copyright system which is not adapted to the reality of today and which has reached a point where it gives a more important role to intermediaries than to artists. “It irritates the public who often cannot access what artists want to offer and leaves a vacuum which is served by illegal content, depriving the artists of their well deserved remuneration. And copyright enforcement is often entangled in sensitive questions about privacy, data protection or even net neutrality.”
As Kroes thinks an immediate debate on the topic is necessary, she announced that the Commission would soon make some legislative proposals after examining the issue of divergent national private copy levies and multi-territorial and pan-European licensing.
The Commissioner made an appeal to go back to sense rather than having “a dysfunctional system based on a series of cultural Berlin walls,” and to create a “system where there is scope to create new opportunities for artists and creators, and new business models that better fit the digital age.”
For the time being, we face situations like that of a young man accused, in a P2P case in US, of illegally downloading and distributing 24 tunes on the net, who was found in breach of copyright and fined with 1,1 million Euro (about 46 000 Euro/song).
A similar case in Germany brought about a 15 Euro fine/song. Although the cases are not identical in their details, they illustrate the very different approaches to copyright infringement in different jurisdictions.
After facing enormous pressure from the media, civil society and several MPs, The Dutch Ministry of Security and Justice announced that it will not develop a national database or search engine containing bank data of all Dutch citizens. The Dutch digital rights organization Bits of Freedom discovered plans to this end in one of 27 internal documents, that were made public after a Freedom of Information Act requests by independent researcher Rejo Zenger. As the response of the Government followed only one day after these plans hit the news, the campaign illustrates the crucial role civil society can and must play to protect digital civil rights.
The ambitions are a part of the much larger 'Project verkeerstoren' (Traffic Tower), that seeks to centralize the retention of and access to several categories of personal data, in order to ease the procedure for data requests by law enforcement agencies (LAEs). As telecommunications subscriber data are already stored in the national database CIOT (Centraal Informatiepunt Onderzoek Telecommunicatie) - accessed approx. 3 million times a year by Dutch LAEs - the Government had been investigating in 'Project dataretentie' the extension the CIOT-model to historical telecommunications subscriber data, traffic- and location data following the enactment of the Data retention directive. In one document however, the Government discusses the Traffic Tower project and writes that bank data could follow, after the successful implementation of the Data retention project. After the confirmation of these ambitions by the Ministry to several journalists, the plans received considerable media attention and critique from MPs. Two days later, the Ministry cancelled the national database on bank data.
The implications of the CIOT-database function creep were put in context by a second finding: at least 78.000 requests of traffic- and location data by Dutch LAEs in the last year. Until now, the Ministry had kept secret this information for the general public. Consequently, the news that Dutch LAEs are a European frontrunner when it comes to telecommunications data - subscriber-, traffic and locations data - requests was mentioned along the plans for the centralization of bank data. These revelations follow up a Bits of Freedom analysis of last summer, that concluded that the LAEs have been neglecting the data protection rules surrounding the database for at least three years in a row, even though internal audit reports had strongly called upon the LAEs to respect the privacy and data protection rights since the errors where 'undermining the legitimacy of the Law Enforcement effort'. Bits of Freedoms disclosure that authorized police officers had been giving their PIN-codes away to their colleagues and that the entire request procedure had not been subject to either independent oversight or prior check of legitimate access, were two of the more striking examples that reached the headlines in mainstream media back then. If that weren't enough, ISP and telecoms incumbent KPN stated in a letter - amongst the 27 released documents - that the operator rather keeps the data for itself, than handing it over to the CIOT-database.
Hence, the cancellation of the database on bank data is of important symbolic value. It casts light on the Traffic Tower project, the impact of mandatory centralized personal data storage and shows that civil society can stop such ambitions as it has the facts on its side. It also shows that civil society is needed in the future: the Ministry is still working out the centralization of telecommunications traffic- and location data of all Dutch citizens, to the effect that every single communication and movement of all Dutch citizens can be requested with one mouse click. Bits of Freedom will continue to put any ambitions to this end under close scrutiny.
As negotiations continue between EU and USA on the issue of air passenger data (PNR) transfer, so is the debate on the issue between the European Commission and the other EU bodies.
The European Parliament (EP) issued on 11 November 2010 a resolution on the matter. While reaffirming its determination to fight terrorism and organised crime, and welcoming the Commission's recent communication on the global approach to transfers of PNR data to third countries, the EP re-emphasizes the firm belief that that civil liberties and fundamental rights must be protected, “including the rights to privacy, informational self-determination and data protection”.
As proportionality remains a key issue for the EP, the resolution asks from the Commission to give “factual evidence that the collection, storage, and processing of PNR data is necessary for each of the stated purposes”.
As it has a veto right, the EP requires to be fully informed on any PNR developments related to “bilateral agreements and memorandums of understanding between Member States and the USA concerning the exchange of law-enforcement data and participation in the US Visa Waiver Programme, as well as the One-Stop Security programme”. On this occasion, it reminds us that “bilateral memorandums of understanding between Member States and the USA, alongside negotiations between the EU and the USA, are contrary to the principle of loyal cooperation between the EU institutions”.
In October, European Data Protection Supervisor Peter Hustinx also expressed his concerns regarding the necessity and legitimacy of PNR collection schemes and called for better safeguards in international PNR agreements. “The conditions for collection and processing of PNR data should be considerably restricted. I am particularly concerned about the use of PNR schemes for risk assessment or profiling,” he said.
He also criticised the Commission for doing its work in reverse order, dealing with international PNR agreements before having any kind of system within the EU. An intra-EU equivalent scheme is not scheduled until 2012.
“We have PNR (agreements) with the US and the EU. It is a lack of logic that we are not sharing (PNR) in the EU,” said Home Affairs Commissioner Cecilia Malmström who added that all the state members had required such an agreement.
On 15 November, Article 29 Data Protection Working Party (WP) issued an opinion stating that the European data protection authorities belonging to the WP remained critical on the exchange of PNR data with countries outside the EU.
In its opinion, issued as a reaction to the European Commission communication on the global approach to PNR transfers of 21 September 2010, Article 29 WP questions “the necessity of large-scale profiling for law enforcement purposes on the basis of passengers' data.”
Article 29 WP believes there still is no objective proof or statistics showing that PNR data are valuable in combating transnational crime and terrorism.
The data protection authorities consider that although the Commission has made some movements in the right direction there is still room for improvement such as the standards referring to onward transfer of collected data where “the principle of purpose limitation should apply, which means that the collected data may not be used by other government authorities in the receiving country for purposes not related to the combating of transnational serious crime and terrorism.”
European Parliament resolution of 11 November 2010 on the global approach to transfers of passenger name record (PNR) data to third countries, and on the recommendations from the Commission to the Council to authorise the opening of negotiations between the European Union and Australia, Canada and the United States (11.11.2010). Article 29 Data Protection Working Party - PRESS RELEASE - 'Data Protection Authorities Critical on sharing passengers' data' (15.11.2010).
The sixth edition of the Czech Big Brother Awards has recently been organised by EDRi member Iuridicum Remedium in Prague BIO eye where an expert jury selected the winners for 2010 from more than 140 nominations.
The Czech police received the Big Brother award in the long-term spying category, for having violated people's privacy by “their serious and long-term interference in people's privacy, mainly for archiving photographs of cars and its drivers from camera-monitoring systems,” as the organiser explained. The police was also criticised for its overuse of applications for access to sensitive data from mobile phones.
For the second year in a row, Facebook received the mock award as the largest corporate spy, for pushing users to enable anybody to have access to private data by its deceptive strategy and technical parameters. Facebook gets the maximum information from personal profiles, increasing their commercial potential.
The Interior Ministry was given the award in the category of the biggest official spying, for having hindered the preparation of the legislation for the improvement of personal data protection from camera monitoring systems, wiretapping and DNA databases.
Even the European Union received an award, at spying among nations category, for the negotiations in the Anti-Counterfeiting Trade Agreement (ACTA) and for funding the INDECT project aimed at developing computer programmes to detect “abnormal behaviour”. The project will research the use of CCTV systems in combination with audio recordings in urban areas. For the surveillance of citizens on the Internet, the system focuses on monitoring forums, blogs and social networks. The end users of the system will be a European police force.
The winner in the category of “The Big Brother's statement” was “Facebook father” Mark Zuckerberg for his statement that the right to privacy is simply a social norm developing over time and that people are now satisfied with eliminating privacy. In his opinion, “the age of privacy is over.”
ACTA got the award at the legal standard category for disregarding human rights in favour of the industry.
The positive award for privacy protection was obtained by the citizens in Vir nad Svratkou, South Moravia, for having stood up against the installation of a camera monitoring system in their village.
Prison sentences of up to five years for copyright infringement are projected in the new Law on Copyright and Related Rights adopted in September 2010 in Macedonia.
With this law, which in addition to authors' and artists' rights also regulates the rights of film and stage producers, radio and television organizations, as well as the rights of publishers and database developers, copyright infringement is actually becoming a crime.
With these changes to the law that was being prepared for four years, Macedonia now formally has the same copyright protection standards as the EU member states. However, the general impression is that the formal progress is far from significant, as copies of film and music works are being sold on the side walks of the busiest intersections in the capital, and some of the film festivals are still screening films using DVDs.
Representatives of agencies working in the IP field and fighting infringers of the Law on Copyright and Related Rights say that major violations of this Law are taking place in Macedonia, and no sphere is an exception; from the textile, pharmaceutical, to the tobacco and automotive industry.
We're seeing counterfeited material, copies of registered trademarks in every area - says Mite Kostov, chairman of the Coordination Body for Intellectual Property. He added that a great number of DVD stores across the country were closed as part of a copyright protection campaign. In Strumica, for example, out of 22 DVD stores, only a few remained in business, and only seven out of thirty in Tetovo, i.e. the ones that legally exist - Kostov said.
The common impression of experts in this sphere is that the biggest problem regarding the sanctioning of offenders is in the courts. This was also noted in the latest EU 2010 Progress Report on Macedonia, stating that only 23 out of 98 court procedures on copyright have been completed - Pepeljugovski said.
At the joint European Parliament and European Commission net neutrality summit in Brussels on 11 November there was a clear political message - that interference with Internet traffic is permissible as long as companies tell their consumers that it is happening.
The Commission will “wait and see” if such interferences cause problems for the market and will consider taking action if this is the case.
In a whole day of discussions, the fundamental rights aspects of the interference by private companies with citizens' communications were only questioned by Jeremie Zimmermann from La Quadrature du Net and Jan Albrecht MEP (Greens/EFA, Germany).
Anyone who has been active in telecoms regulation in Brussels for the past decade would have been forgiven for suffering from a severe bout of “déjà vu”. The large operators were out in force explaining that the market is very competitive and they could not afford any regulatory interventions. No regulatory intervention is needed, they explained, because the market will take care of all problems. Catherine Trautmann MEP (S+D, France) demanded a Commission Recommendation which, while not binding, would at least create a methodological framework adaptable for binding legislation after it fails. Her arguments were insightful, forceful and apparently ignored by the Commission.
The European Commission has heard the large operators' arguments before and was convinced to delay urgent regulatory interventions. In 1999/2000, there was an urgent need to open the “last mile” of telecoms infrastructure to competition, in order to boost Internet access in Europe. The Commission decided against the legislation and opted to “wait and see”. When nothing happened, they proposed a Recommendation on opening the market. When this also failed, they proposed a Regulation which was implemented well in some countries and badly in others, partly due to the rushed nature of the legislative intervention. “Wait and see” had failed European citizens.
The European Commission heard those arguments again when it started asking questions about the huge cost of mobile phone roaming. After initially waiting to see the scale of the issue, it started investigating the problem at the end of 2004 and a Regulation entered into force in June 2007. It took a further three years to deal with data roaming. The cost of this “wait and see” delay was the loss of millions of Euro for European businesses and European citizens. “Wait and see” had failed European citizens again.
And now, when developing policy to address interferences with private communications, when developing a policy which deals with a core element of modern democracy, the Commission has decided to “wait and see”. This time, however, the Commission will not be able to intervene once all other options have failed.
Once Internet intermediaries start interfering more overtly with communications, they will find it more and more difficult to argue that they should be entitled to do this for their own benefit, but not for other vested interests. Already, access providers are being asked to block peer to peer communications (see the Scarlet/Sabam case) and to block certain websites for the vested interests of the copyright industry, to block gambling websites for the benefit of vested interests of national gambling monopolies (in France, Italy and elsewhere) and to block websites accused of containing child abuse material, to hide the inadequacy of national administrations that are unwilling to make the effort to have the crime scenes taken offline and to prosecute the criminals behind them.
When the Commission finally decided to act in relation to unbundling and roaming, it just had to face the lobbying power of the telecoms companies. With the non-neutral Internet, however, things will be very different.
It will face the opposition not just of the large telecom providers, but also every company and organisation with a vested interest in restricting access to communication. It will also face the opposition of organisations arguing for policing of the net by access providers. The OECD is currently discussing how Internet intermediaries can police the Internet to achieve public policy objectives, the Council of Europe has asked for “reflection” on the liability of intermediaries in relation to online intellectual property infringements, the ACTA Agreement (which the EU is currently finalising) calls for the cooperation of Internet intermediaries in combating online intellectual property infringements, the UN has called for their cooperation to protect children online, the OSCE is discussing how they can cooperate to address hate speech. The list is endless.
Once the Commission has waited and seen that regulatory intervention is needed, it will be too late. Just wait and see.